b'           OFFICE OF\n    THE INSPECTOR GENERAL\n\nSOCIAL SECURITY ADMINISTRATION\n\n\n       ADMINISTRATIVE COSTS\n          CLAIMED BY THE\n       NEW YORK DIVISION OF\n    DISABILITY DETERMINATIONS\n\n    June 2007     A-02-07-17046\n\n\n\n\n AUDIT REPORT\n\x0c                                    Mission\nBy conducting independent and objective audits, evaluations and investigations,\nwe inspire public confidence in the integrity and security of SSA\xe2\x80\x99s programs and\noperations and protect them against fraud, waste and abuse. We provide timely,\nuseful and reliable information and advice to Administration officials, Congress\nand the public.\n\n                                   Authority\nThe Inspector General Act created independent audit and investigative units,\ncalled the Office of Inspector General (OIG). The mission of the OIG, as spelled\nout in the Act, is to:\n\n  \xef\x81\xad Conduct and supervise independent and objective audits and\n    investigations relating to agency programs and operations.\n  \xef\x81\xad Promote economy, effectiveness, and efficiency within the agency.\n  \xef\x81\xad Prevent and detect fraud, waste, and abuse in agency programs and\n    operations.\n  \xef\x81\xad Review and make recommendations regarding existing and proposed\n    legislation and regulations relating to agency programs and operations.\n  \xef\x81\xad Keep the agency head and the Congress fully and currently informed of\n    problems in agency programs and operations.\n\n  To ensure objectivity, the IG Act empowers the IG with:\n\n  \xef\x81\xad Independence to determine what reviews to perform.\n  \xef\x81\xad Access to all information necessary for the reviews.\n  \xef\x81\xad Authority to publish findings and recommendations based on the reviews.\n\n                                     Vision\nWe strive for continual improvement in SSA\xe2\x80\x99s programs, operations and\nmanagement by proactively seeking new ways to prevent and deter fraud, waste\nand abuse. We commit to integrity and excellence by supporting an environment\nthat provides a valuable public service while encouraging employee development\nand retention and fostering diversity and innovation.\n\x0c                                              SOCIAL SECURITY\nMEMORANDUM\n\nDate:      June 11, 2007                                                          Refer To:\n\nTo:        Beatrice M. Disman\n           Regional Commissioner\n            New York\n\nFrom:      Inspector General\n\nSubject:   Administrative Costs Claimed by the New York Division of Disability Determinations\n           (A-02-07-17046)\n\n\n           OBJECTIVE\n\n           For our audit of Fiscal Year (FY) 2004 and 2005 administrative costs claimed by the\n           New York Division of Disability Determinations (DDD), our objectives were to\n           \xe2\x80\xa2     evaluate the DDD\xe2\x80\x99s internal controls over the accounting and reporting of\n                 administrative costs,\n\n           \xe2\x80\xa2     determine whether costs claimed by the DDD were allowable and funds were\n                 properly drawn, and\n           \xe2\x80\xa2     assess limited areas of the general security controls environment.\n\n           A review of the indirect cost was not part of this review. It will be completed at a later\n           date.\n\n           BACKGROUND\n           Disability determinations under the Social Security Administration\xe2\x80\x99s (SSA) Disability\n           Insurance and Supplemental Security Income programs are performed by disability\n           determination services (DDS) in each State or other responsible jurisdiction, according\n                                   1\n           to Federal regulations. Each DDS is responsible for determining claimants\xe2\x80\x99 disabilities\n           and ensuring adequate evidence is available to support its determinations. To make\n           proper disability determinations, each DDS is authorized to purchase consultative\n           medical examinations and medical evidence of record from the claimants\xe2\x80\x99 physicians or\n           other treating sources. SSA pays the DDS for 100 percent of allowable expenditures\n           using a State Agency Report of Obligations for SSA Disability Programs\n           (Form SSA-4513). (For additional background information, see Appendix B.)\n\n           1\n               20 C.F.R. \xc2\xa7\xc2\xa7 404.1601 et. seq. and 416.1001 et seq.\n\x0cPage 2 \xe2\x80\x93 Beatrice M. Disman\n\n\nRESULTS OF REVIEW\nThe New York DDD had effective controls over the accounting and reporting of\nadministrative costs. The costs claimed by the DDD on Forms SSA-4513 for FYs 2004\nand 2005 \xe2\x80\x93 totaling $286,218,585 \xe2\x80\x93 were allowable and funds were properly drawn.\nHowever, we found the general security control environment could be improved. The\nimprovements will help ensure the security of sensitive SSA data stored and processed\nat the site.\n\nGENERAL SECURITY CONTROLS\n\nOverall Security Plan\n\nAccording to SSA\xe2\x80\x99s Program Operations Manual System (POMS), 2 each DDS must\nestablish and maintain a written DDS security plan. The DDD did not possess an\napproved overall security plan at the time of our review. The security plan was drafted\nand awaiting SSA approval before we began our review.\n\nThe DDD provided us its Business Continuity Plans for each of the four DDD office\nlocations. In the event of a disruption to any SSA system, a Business Continuity Plan\ncan be activated and conducted in tandem with the security plan to ensure the recovery\nof the affected functions. However, the Business Continuity Plans did not cover all of\n                                                     3\nthe eight required parts of an overall security plan. Since our review, the DDD has\ncompleted an overall security plan. The plan was approved by SSA regional staff.\n\nOther Security Issues\n\nWe found a few physical security-related issues that needed to be addressed to help\nensure SSA data stored and processed at the DDD were secure. The DDD failed to\n                                                                     4\nmeet certain standards required by SSA physical security guidance. The conditions\nposed the risk of unauthorized access to sensitive SSA information and systems and\nthe interruption of service if the systems were compromised. The DDD staff stated that\nthe DDD was denied the funding it requested to correct these conditions because of a\nlack of resources. We discussed our findings with DDD officials and they noted in their\nresponse to our draft report that they look forward to working with SSA to rectify the\nconditions in the near future.\n\n\n\n2\n    POMS, Section DI 39566.120 B., DDS Security Plan.\n3\n  The eight required parts of the security plan are DDS Security Description; DDS Systems\nInterconnection Access Security Plan; Systems Security Awareness and Training Plan; Annual Systems\nReview/Recertification Plan; Violations Reports and Resolution Plan; Continuity of Operations Plan;\nDisaster Recovery Plan; and Risk Assessment. They are found in POMS, Section DI 39566.120 C., DDS\nSecurity Plan.\n4\n    POMS, Section DI 39566.010 B.1.H., DDS Physical Security.\n\x0cPage 3 \xe2\x80\x93 Beatrice M. Disman\n\n\nCONCLUSION AND RECOMMENDATIONS\nWhile the DDD\xe2\x80\x99s internal controls over the accounting and reporting of administrative\ncosts were effective, the general physical security controls can be improved. In our\ndraft report, we made two specific recommendations on how to improve the physical\nsecurity control environment. We omitted the specific recommendations in the final\nreport to prevent compromising DDD security.\n\nAGENCY COMMENTS\nSSA\xe2\x80\x99s New York Regional Commissioner and New York State\xe2\x80\x99s Commissioner of the\nOffice of Temporary and Disability Assistance agreed with our comments. Please see\nAppendix D for the full text of SSA\xe2\x80\x99s comments.\n\n\n\n\n                                               Patrick P. O\xe2\x80\x99Carroll, Jr.\n\x0c                                      Appendices\nAPPENDIX A - Acronyms\nAPPENDIX B - Background, Scope, and Methodology\nAPPENDIX C - Schedule of Total Costs Reported on Forms SSA-4513-State Agency\n             Reports of Obligations for Social Security Administration Disability\n             Programs\n\nAPPENDIX D - Agency Comments\n\nAPPENDIX E - OIG Contacts and Staff Acknowledgments\n\x0c                                                               Appendix A\n\nAcronyms\nAct           Social Security Act\nC.F.R.        Code of Federal Regulations\nDDD           Division of Disability Determinations\nDDS           Disability Determination Services\nDI            Disability Insurance\nFY            Fiscal Year\nIDS           Intrusion Detection System\nOMB           Office of Management and Budget\nPOMS          Program Operations Manual System\nPub. L. No.   Public Law Number\nSSA           Social Security Administration\nSSA-4513      State Agency Report of Obligations for SSA Disability Programs\nSSI           Supplemental Security Income\nTreasury      Department of the Treasury\nU.S.C.        United States Code\n\x0c                                                                             Appendix B\n\nBackground, Scope, and Methodology\nBACKGROUND\n\nThe Disability Insurance (DI) program, established under Title II of the Social Security\nAct (Act), 1 provides benefits to wage earners and their families in the event the wage\nearner becomes disabled. 2 The Supplemental Security Income (SSI) program,\nestablished under Title XVI of the Act, 3 provides benefits to financially needy individuals\nwho are aged, blind, or disabled. 4\n\nThe Social Security Administration (SSA) is responsible for implementing policies for\nthe development of disability claims under the DI and SSI programs. Disability\ndeterminations under both the DI and SSI programs are performed by disability\ndetermination services (DDS) in each State, Puerto Rico and the District of Columbia in\n                                      5\naccordance with Federal regulations. In carrying out its obligation, each DDS is\nresponsible for determining claimants\xe2\x80\x99 disabilities and ensuring adequate evidence is\navailable to support its determinations. To assist in making proper disability\ndeterminations, each DDS is authorized to purchase medical examinations, x-rays, and\nlaboratory tests on a consultative basis to supplement evidence obtained from the\nclaimants\xe2\x80\x99 physicians or other treating sources.\n\nSSA reimburses the DDS for 100 percent of allowable expenditures up to its approved\nfunding authorization. The DDS withdraws Federal funds through the Department of\nthe Treasury\xe2\x80\x99s (Treasury) Automated Standard Application for Payments System to pay\nfor program expenditures. Funds drawn down must comply with Federal regulations 6\nand intergovernmental agreements entered into by Treasury and States under the Cash\nManagement Improvement Act of 1990. 7\n\nAn advance or reimbursement for costs under the program must comply with Office of\nManagement and Budget (OMB) Circular A-87, Cost Principles for State, Local, and\n1\n    Social Security Amendments of 1954, Pub. L. No. 83-761, 68 Stat. 1089.\n2\n    The Social Security Act, \xc2\xa7\xc2\xa7 201-234, 42 U.S.C. \xc2\xa7\xc2\xa7 401-434.\n3\n    Social Security Amendments of 1972, Pub. L. No. 92-603, 86 Stat. 1465.\n4\n    The Social Security Act, \xc2\xa7\xc2\xa7 1601-1637, 42 U.S.C. \xc2\xa7\xc2\xa7 1381-1383f.\n5\n    20 C.F.R. \xc2\xa7\xc2\xa7 404.1601 et. seq. and 416.1001 et seq.\n6\n    31 C.F.R. \xc2\xa7 205.1 et seq.\n7\n  Cash Management Improvement Act of 1990, Pub. L. No. 101-453, 104 Stat. 1058\n(amending 31 U.S.C. \xc2\xa7\xc2\xa7 6501 and 6503).\n\n\n                                                    B-1\n\x0cIndian Tribal Governments. At the end of each quarter of the Fiscal Year (FY), each\nDDS submits a State Agency Report of Obligations for SSA Disability Programs\n(Form SSA-4513) to account for program disbursements and unliquidated obligations.\n\nSCOPE\n\nTo accomplish our objectives, we reviewed the administrative costs the New York\nDivision of Disability Determinations (DDD) reported on its Forms SSA-4513 for\nFYs 2004 and 2005. For the periods reviewed, we obtained evidence to evaluate\nrecorded financial transactions and determine whether they were allowable under OMB\nCircular A-87, and appropriate, as defined by SSA\xe2\x80\x99s Program Operations Manual\nSystem.\n\nWe also:\n\xe2\x80\xa2   Reviewed applicable Federal laws, regulations and pertinent parts of Program\n    Operations Manual System, DI 39500, DDS Fiscal and Administrative Management,\n    and other instructions pertaining to administrative costs incurred by DDD and draw\n    down of SSA funds.\n\xe2\x80\xa2   Interviewed staff at the DDD and SSA\xe2\x80\x99s Regional Office.\n\xe2\x80\xa2   Evaluated and tested internal controls regarding accounting and financial reporting\n    and cash management activities.\n\xe2\x80\xa2   Verified the reconciliation of official State accounting records to the administrative\n    costs reported by DDD on Forms SSA-4513 for FYs 2004 and 2005.\n\xe2\x80\xa2   Examined the administrative expenditures (personnel, medical service, and all other\n    non-personnel costs) incurred and claimed by DDD for FYs 2004 and 2005 on\n    Forms SSA-4513.\n\xe2\x80\xa2   Compared the amount of SSA funds drawn to support program operations to the\n    allowable expenditures reported on Forms SSA-4513.\n\xe2\x80\xa2   Reviewed the State of New York Single Audit reports issued in 2004 and 2005.\n\xe2\x80\xa2   Conducted limited general control testing\xe2\x80\x94which encompassed reviewing the\n    physical access security within the DDD.\n\nThe electronic data used in our audit were sufficiently reliable to achieve our audit\nobjectives. We assessed the reliability of the electronic data by reconciling them with\nthe costs claimed on the Forms SSA-4513. We also conducted detailed audit testing\non selected data elements in the electronic data files.\n\nWe performed our audit at the DDD in Albany and New York, New York, and the Office\nof Audit in New York, New York, from September through December 2006.\nWe conducted our audit in accordance with generally accepted government auditing\nstandards.\n\n\n\n\n                                             B-2\n\x0cMETHODOLOGY\n\nOur sampling methodology encompassed three of the four general areas of costs as\nreported on Forms SSA-4513: (1) personnel, (2) medical, and (3) all other\nnon-personnel costs. Indirect cost was not part of this audit and will be reviewed at a\nlater date. We also conducted physical security reviews at both the Albany and New\nYork (Manhattan) locations. We obtained computerized data from the DDD for\nFYs 2004 and 2005 for use in statistical sampling. Also, we reviewed general security\ncontrols the DDD had in place.\n\nPersonnel Costs\n\nWe sampled 100 employee salary items from 1 randomly selected pay period in\nFY 2005. The sample of 100 employees consisted of 50 salaried employees directly\nrelated to the standard operations of the DDD and 50 medical doctors. We tested\nregular and overtime payroll and hours for each individual selected. We verified that\napproved time records were maintained and supported the hours worked. We tested\npayroll records to ensure the DDD correctly paid employees and adequately\ndocumented these payments. In addition, we ensured the doctors had valid medical\nlicenses.\n\nWe reviewed all four medical consultants on contract for one randomly selected pay\nperiod in FY 2005. These medical consultants were individuals who were contracted\nout as speech pathologists through an outside vendor. We tested whether the medical\nconsultants were paid in accordance with the approved contract. We also ensured that\nthey had valid licenses to perform their duties.\n\nMedical Costs\n\nWe sampled 100 medical evidence of records and consultative examination records\n(50 items from each FY) using a proportional random sample. We determined whether\nsampled costs were properly reimbursed.\n\nIndirect Costs\n\nIndirect cost was not part of our review. However, we did analyze computer purchases\nmade by the DDD of 708 21-inch monitors. The results of this review were made\navailable in a separate memorandum issued on January 12, 2007.\n\n\n\n\n                                          B-3\n\x0cAll Other Non-Personnel Costs\n\nWe stratified all other non-personnel costs into nine categories: (1) Occupancy,\n(2) Contracted Costs, (3) Electronic Data Processing Maintenance,\n(4) Equipment Purchases and Rental, (5) Communications, (6) Applicant Travel,\n(7) DDS Travel, (8) Supplies, and (9) Miscellaneous. We selected a stratified random\nsample of 50 items from each FY based on the percentage of costs in each category to\ntotal costs.\n\nGeneral Security Controls\n\nWe conducted limited general security control testing. Specifically we reviewed the\nfollowing eight areas relating to general security controls: (1) Perimeter Security,\n(2) Intrusion Detection, (3) Key Management, (4) Internal Office Security, (5) Equipment\nRooms, (6) Security Plan, (7) Continuity of Operations, and (8) Other Security Issues.\nWe determined whether the general security controls the DDS had in place were\nsatisfactory.\n\n\n\n\n                                          B-4\n\x0c                                                                Appendix C\n\nSchedule of Total Costs Reported on\nForms SSA-4513\xe2\x80\x94State Agency Reports of\nObligations for Social Security Administration\nDisability Programs\n\n              New York Division of Disability Determinations\n\n                  FISCAL YEARS (FY) 2004 and 2005 COMBINED\n                                                 UNLIQUIDATED      TOTAL\n REPORTING ITEMS        DISBURSEMENTS             OBLIGATIONS   OBLIGATIONS\nPersonnel                 182,155,822               141,603     182,297,425\nMedical                    56,738,359               530,137      57,268,496\nIndirect *                 15,267,533            12,296,274      27,563,807\nAll Other                  32,056,871              -757,520      31,299,351\nTOTAL                     286,218,585            12,210,494     298,429,079\n\n                                         FY 2004\n                                                 UNLIQUIDATED       TOTAL\n REPORTING ITEMS        DISBURSEMENTS            OBLIGATIONS    OBLIGATIONS\nPersonnel                  92,425,417                21,399      92,446,816\nMedical                    27,301,404                30,066      27,331,470\nIndirect *                  8,904,203             4,778,282      13,682,485\nAll Other                  16,335,423            -1,381,326      14,954,097\nTOTAL                     144,966,447             3,448,421     148,414,868\n                                         FY 2005\n                                                 UNLIQUIDATED       TOTAL\n REPORTING ITEMS        DISBURSEMENTS            OBLIGATIONS    OBLIGATIONS\nPersonnel                  89,730,405               120,204      89,850,609\nMedical                    29,436,955               500,071      29,937,026\nIndirect *                  6,363,330             7,517,992      13,881,322\nAll Other                  15,721,448               623,806      16,345,254\nTOTAL                     141,252,138             8,762,073     150,014,211\n\n* We did not review indirect costs as part of this audit.\n\x0c                                                                             Appendix D\n\nAgency Comments\n\n\n\n\n                               SOCIAL SECURITY\n\nMEMORANDUM                                                               Refer To: S2D2G5\n\nDate:      May 11, 2007\n\nTo:        Inspector General\n\nFrom:      Regional Commissioner\n           New York\n\nSubject:   Administrative Costs Claimed by the New York Division of Disability Determinations\n           (A-02-07-17046) - REPLY\n\n\nI appreciate the opportunity to review the attached draft report. I am pleased that the New York\n(NY) Division of Disability Determinations (DDD) was found to have effective internal controls\nover the accounting and reporting of administrative costs, that all disbursements charged to the\nSocial Security Administration were allowable and properly allocated and that funds were\nproperly drawn for fiscal years (FYs) 2004 and 2005.\n\nThe two recommendations outlined in the draft report are reasonable and will assist us in further\nimproving the security and safety controls that are already in place.\n\nIf members of your staff have any questions concerning this correspondence, they may be\ndirected to Gene Purk, (212) 264-7283 in the Center for Disability.\n\n\n\n\n                                                                   /s/\n                                                                Beatrice M. Disman\n\x0c                                                                       Appendix E\n\nOIG Contacts and Staff Acknowledgments\nOIG Contacts\n\n   Tim Nee, Director, (212) 264-5295\n\n   Vicki Abril, Audit Manager, (212) 264-0504\n\nAcknowledgments\n\nIn addition to those named above:\n\n   Abraham Pierre, Auditor\n\n   Stephen L. Liebman, Senior Auditor\n\n   James Kim, Program Analyst\n\n\nFor additional copies of this report, please visit our web site at www.ssa.gov/oig or\ncontact the Office of the Inspector General\xe2\x80\x99s Public Affairs Specialist at (410) 965-3218.\nRefer to Common Identification Number A-02-07-17046.\n\x0c                           DISTRIBUTION SCHEDULE\n\nCommissioner of Social Security\nOffice of Management and Budget, Income Maintenance Branch\nChairman and Ranking Member, Committee on Ways and Means\nChief of Staff, Committee on Ways and Means\nChairman and Ranking Minority Member, Subcommittee on Social Security\nMajority and Minority Staff Director, Subcommittee on Social Security\nChairman and Ranking Minority Member, Subcommittee on Human Resources\nChairman and Ranking Minority Member, Committee on Budget, House of\nRepresentatives\nChairman and Ranking Minority Member, Committee on Government Reform and\nOversight\nChairman and Ranking Minority Member, Committee on Governmental Affairs\nChairman and Ranking Minority Member, Committee on Appropriations, House of\nRepresentatives\nChairman and Ranking Minority, Subcommittee on Labor, Health and Human Services,\nEducation and Related Agencies, Committee on Appropriations,\n House of Representatives\nChairman and Ranking Minority Member, Committee on Appropriations, U.S. Senate\nChairman and Ranking Minority Member, Subcommittee on Labor, Health and Human\nServices, Education and Related Agencies, Committee on Appropriations, U.S. Senate\nChairman and Ranking Minority Member, Committee on Finance\nChairman and Ranking Minority Member, Subcommittee on Social Security and Family\nPolicy\nChairman and Ranking Minority Member, Senate Special Committee on Aging\nSocial Security Advisory Board\n\x0c               Overview of the Office of the Inspector General\nThe Office of the Inspector General (OIG) is comprised of our Office of Investigations (OI),\nOffice of Audit (OA), Office of the Chief Counsel to the Inspector General (OCCIG), and Office\nof Resource Management (ORM). To ensure compliance with policies and procedures, internal\ncontrols, and professional standards, we also have a comprehensive Professional Responsibility\nand Quality Assurance program.\n                                         Office of Audit\nOA conducts and/or supervises financial and performance audits of the Social Security\nAdministration\xe2\x80\x99s (SSA) programs and operations and makes recommendations to ensure program\nobjectives are achieved effectively and efficiently. Financial audits assess whether SSA\xe2\x80\x99s\nfinancial statements fairly present SSA\xe2\x80\x99s financial position, results of operations, and cash flow.\nPerformance audits review the economy, efficiency, and effectiveness of SSA\xe2\x80\x99s programs and\noperations. OA also conducts short-term management and program evaluations and projects on\nissues of concern to SSA, Congress, and the general public.\n\n\n                                    Office of Investigations\nOI conducts and coordinates investigative activity related to fraud, waste, abuse, and\nmismanagement in SSA programs and operations. This includes wrongdoing by applicants,\nbeneficiaries, contractors, third parties, or SSA employees performing their official duties. This\noffice serves as OIG liaison to the Department of Justice on all matters relating to the\ninvestigations of SSA programs and personnel. OI also conducts joint investigations with other\nFederal, State, and local law enforcement agencies.\n\n\n                   Office of the Chief Counsel to the Inspector General\nOCCIG provides independent legal advice and counsel to the IG on various matters, including\nstatutes, regulations, legislation, and policy directives. OCCIG also advises the IG on\ninvestigative procedures and techniques, as well as on legal implications and conclusions to be\ndrawn from audit and investigative material. Finally, OCCIG administers the Civil Monetary\nPenalty program.\n                              Office of Resource Management\nORM supports OIG by providing information resource management and systems security. ORM\nalso coordinates OIG\xe2\x80\x99s budget, procurement, telecommunications, facilities, and human\nresources. In addition, ORM is the focal point for OIG\xe2\x80\x99s strategic planning function and the\ndevelopment and implementation of performance measures required by the Government\nPerformance and Results Act of 1993.\n\x0c'